Previous Topic: Before You Install the Policy Server on UNIXNext Topic: Troubleshoot the Policy Server Installation


How to Install the Policy Server on UNIX

To install the Policy Server, complete the following steps:

  1. Review the Policy Server component considerations.
  2. Review the policy store considerations.
  3. Review the FIPS considerations.
  4. Gather information for the Policy Server installer.
  5. Run the Policy Server installer.
  6. (Linux) If Security–Enhanced Linux is enabled, add CA SiteMinder®–specific exceptions.
  7. (Optional) If you configured SNMP, restart the SNMP daemon.
Policy Server Component Considerations

In addition to the Policy Server, the installer can install and configure the following components. Review the following items before installing the Policy Server:

Note: For a list of supported CA and third-party components, refer to the CA SiteMinder® 12.52 SP1 Platform Support Matrix on the Technical Support site.

More information:

Locate the Platform Support Matrix

Certificate Data Store

Policy Store

Policy Store Considerations

Consider the following items before running the Policy Server installer or the Policy Server Configuration wizard:

More information:

Configuring CA SiteMinder® Data Stores in a Relational Database

FIPS Considerations

The Policy Server uses certified Federal Information Processing Standard (FIPS) 140-2 compliant cryptographic libraries. FIPS is a US government computer security standard that is used to accredit cryptographic modules that meet the Advanced Encryption Standard (AES). The libraries provide a FIPS mode of operation when a CA SiteMinder® environment only uses FIPS-compliant algorithms to encrypt sensitive data.

You can install the Policy Server in one of the following FIPS modes of operation.

Note: The FIPS mode a Policy Server operates in is system-specific. For more information, see the CA SiteMinder® 12.52 SP1 Platform Support Matrix on the Technical Support site.

Note: For more information about migrating an environment to use only FIPS-compliant algorithms, see the Upgrade Guide.

More information:

Locate the Platform Support Matrix

Gather Information for the Installer

The Policy Server installer requires specific information to install the Policy Server and any optional components.

Required Information

Gather the following required information before running the Policy Server installer or the Configuration wizard.

Active Directory LDS Server Information

Gather the following required information to configure Microsoft Active Directory LDS as a policy store:

Oracle Directory Server Information

Gather the following required information to configure Oracle Directory Server to function as a policy store:

Microsoft SQL Server Information

To configure Microsoft SQL Server as a policy store, gather the following required information:

Database server name

Identify the IP address or name of the database host system.

Note: For more information about IPv6 support, see the CA SiteMinder® Platform Support Matrix.

Database name

Identify the named instance or the name of the database that is to function as the policy store.

Database port

Identify the port on which the database is listening.

Database administrator user name and password

Identify the name and password of an administrator account with permission to do the following operations:

Note: If the CA SiteMinder® schema is already present in the database, the wizard does not require the credentials of a database administrator with create permission. For more information, see Configure a SQL Server Policy Store.

CA SiteMinder® superuser password

The default CA SiteMinder® superuser account has maximum permissions. Determine the password for the default superuser account. The name of the default account is:

siteminder

Limits:

Note: We recommend that you do not use the default superuser for day-to-day operations. Rather, use the default superuser to access the Administrative UI for the first–time and then create an administrator with superuser permissions.

Oracle RDBMS Information

Gather the following required information to configure Oracle RDBMS as a policy store.

Database server name

Identify the IP address or the name of the database host system.

Note: For more information about IPv6 support, see the CA SiteMinder® Platform Support Matrix.

Database service name

Identify the service name of the database that is to function as the policy store.

Database port

Identify the port on which the database is listening.

Database administrator user name

Identify the name of an administrator account with permission to do the following operations:

Database administrator password

Identify the password of the administrator account.

CA SiteMinder® superuser password

The default CA SiteMinder® superuser account has maximum permissions. Determine the password for the default superuser account. The name of the default account is:

siteminder

Limits:

Note: We recommend that you do not use the default superuser for day-to-day operations. Rather, use the default superuser to access the Administrative UI for the first–time and then create an administrator with superuser permissions.

OneView Monitor Information

You only have to gather OneView Monitor information if you plan on configuring the OneView Monitor.

Gather the following required information to configure the OneView Monitor. You can use the OneView Monitor Information Worksheet to record your values.

Install the Policy Server in GUI Mode

Install the Policy Server using the installation media on the Technical Support site. Consider the following items:

Follow these steps:

  1. Exit all foreground applications.
  2. Open a shell and navigate to the installation media.
  3. Enter the following command:
    ./ca-ps-12.5-cr-unix_version
    
    cr

    Specifies the cumulative release number. The base r12.5 release does not include a cumulative release number.

    unix_version

    Specifies the UNIX version: sol or linux.

    The installer starts.

    Note: For a list of installation media names, see the Policy Server Release Notes.

  4. Use the system and component information you have gathered to install the Policy Server.

    Consider the following items when running the installer:

  5. Review the installation settings and click Install.

    The Policy Server and all selected components are installed and configured.

    Note: The installation can take several minutes.

  6. Click Done.

    The installer closes.

  7. (Optional) If you did not use the installer to configure a policy store, manually configure the policy.

Note: If you experience problems during the installation, you can locate the installation log file and the policy store details file in siteminder_home/siteminder/install_config_info.

Install the Policy Server in Console Mode

Install the Policy Server using the installation media on the Technical Support site. Consider the following items:

Follow these steps:

  1. Exit all applications that are running.
  2. Open a shell and navigate to the installation media.
  3. Run the following command:
    ./ca-ps-12.5-cr-unix_version -i console
    
    cr

    Specifies the cumulative release number. The base r12.5 release does not include a cumulative release number.

    unix_version

    Specifies the UNIX version: sol or linux.

    The installer starts.

    Note: For a list of installation media names, see the Policy Server Release Notes.

  4. Use the system and component information you have gathered to install the Policy Server.

    Consider the following items when entering information:

  5. Review the installation settings and press Enter.

    The Policy Server and all selected components are installed and configured.

    Note: The installation can take several minutes.

  6. Press Enter.

    The installer closes.

  7. (Optional) If you did not use the installer to configure a policy store, manually configure the policy.

Note: If you experience problems during the installation, you can locate the installation log file and the policy store details file in siteminder_home/siteminder/install_config_info.

More information:

Locate the Installation Media

Troubleshoot the Policy Server Installation

Installation Media Names

Add Exceptions to Security–Enhanced Linux

If Security–Enhanced Linux is enabled on the Policy Server host system, add CA SiteMinder®–exceptions to the environment. Adding the exceptions prevents Security–Enhanced Linux text relocation denials.

Follow these steps:

  1. Log in to the Policy Sever host system.
  2. Open a shell and run the following command:
    chcon -t textrel_shlib_t /siteminder_home/lib/*
    
    siteminder_home

    Specifies the Policy Server installation path.

  3. Run the following command:
    chcon -t textrel_shlib_t /JDK_home/lib/i386/*
    
    JDK_home

    Specifies the required JDK installation path.

  4. Run the following command:
    chcon -t textrel_shlib_t /JDK_home/lib/i386/server/*
    
    JDK_home

    Specifies the required JDK installation path.

    CA SiteMinder®–specific exceptions have been added.

Restart the SNMP Daemon

You only have to restart the SNMP daemon if you configured SNMP during the Policy Server installation.

To restart the SNMP daemon

  1. Enter S76snmpdx stop in /etc/rc3.d.

    The SNMP daemon stops.

  2. Enter S76snmpdx start in /etc/rc3.d.

    The SNMP daemon starts.